mxnticek/FSA
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
FSA/README.md

269 lines
6.5 KiB
Markdown
Raw Permalink Normal View History

Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
# FSA - Fucking Samba Ass
Universal Samba share management script that works across all major Linux distributions.
## Features
- 🔍 **Auto-detection**: Automatically detects your Linux distribution
- 📦 **Auto-installation**: Installs Samba if not already present
- 👤 **User-aware**: Automatically detects the current user
- 🌐 **Network-aware**: Auto-detects network interfaces
- 💾 **Disk management**: Discovers and manages disk shares
- 🔄 **Persistent mounts**: Optionally adds disks to /etc/fstab for auto-mount on boot
- 🛡️ **Safe**: Creates backups before modifying configuration
## Supported Distributions
- Arch Linux / Manjaro
- Debian / Ubuntu / Linux Mint / Pop!_OS
- Fedora
- RHEL / CentOS / Rocky Linux / AlmaLinux
- openSUSE / SLES
## Installation
1. Download the script:
```bash
wget https://forgejo.mxnticek.eu/mxnticek/FSA/raw/branch/main/spravuj_sdileni.sh
chmod +x spravuj_sdileni.sh
```
2. Run with sudo (the script will auto-install Samba if needed):
```bash
sudo ./spravuj_sdileni.sh
```
## Usage
### Initialize Configuration
Create a fresh Samba configuration with your user's home directory:
```bash
sudo ./spravuj_sdileni.sh init
```
### Mount and Share a Disk
**Temporary mount** (until reboot):
```bash
sudo ./spravuj_sdileni.sh mount-share
```
**Permanent mount** (adds to /etc/fstab):
```bash
sudo ./spravuj_sdileni.sh mount-share --mode=always
```
### Manage Shares
**Discover available disks**:
```bash
sudo ./spravuj_sdileni.sh discover
```
Major improvements to drive detection and create-all command Drive Detection Improvements: - Enhanced discover_mounts() with verbose mode showing detailed disk info - Better filtering to skip loopback devices and empty entries - Extended SHARES array format to include device name and UUID (5 fields) - Shows mount status, disk size, and free space for each partition create-all Command Overhaul: - Now a comprehensive 4-step setup process: 1. Creates static shares (home + root) 2. Detects all disk partitions on the system 3. Automatically mounts unmounted disks to /mnt/<label> 4. Adds disks to /etc/fstab for persistent mounting 5. Creates Samba shares for all mounted disks - Perfect for initial setup or bulk disk management Other Improvements: - discover command now shows verbose output with mount status - auto-disks shows count of created shares - Updated all functions to handle new 5-field SHARES format - Better error handling and user feedback throughout This makes FSA truly zero-touch for multi-disk setups! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:54:22 +01:00
Shows all detected disk partitions with their mount status, labels, and available space.
Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
**List configured shares**:
```bash
sudo ./spravuj_sdileni.sh list
```
**Create a specific share**:
```bash
sudo ./spravuj_sdileni.sh create <share-name>
```
**Delete a share**:
```bash
sudo ./spravuj_sdileni.sh delete <share-name>
```
**Auto-create shares for all mounted disks**:
```bash
sudo ./spravuj_sdileni.sh auto-disks
```
Add comprehensive user management functionality Features added: - Create Samba users with password setup (user-create) - List all Samba users (user-list) - Delete Samba users with optional system user removal (user-delete) - Configure share access for users interactively (user-access) - Revoke user access from specific shares (user-revoke) - Automatically creates system users if needed - Interactive share selection for user permissions - Disables guest access when users are assigned User management includes: - Password prompts for new users - System user creation with no shell access - Integration with pdbedit for user management - Automatic valid_users configuration in smb.conf - Backup creation before any configuration changes Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:43:25 +01:00
### User Management
**Create a new Samba user**:
```bash
sudo ./spravuj_sdileni.sh user-create [username]
```
This will:
- Create a system user if it doesn't exist (with no shell access)
- Prompt for a Samba password
- Optionally configure which shares the user can access
**List all Samba users**:
```bash
sudo ./spravuj_sdileni.sh user-list
```
**Configure share access for a user**:
```bash
sudo ./spravuj_sdileni.sh user-access [username]
```
Fix user permissions - implement group-based multi-user access Problem: Users could authenticate but got "permission denied" when creating files Root cause: Shares used force_user which prevented proper multi-user access Solution: Group-based permission system - Created `sambashare` group for all Samba users - Users are automatically added to this group on configuration - Share directories get proper group ownership (chown :sambashare) - SetGID bit ensures new files inherit group ownership - Removed force_user directive for multi-user shares - All shares now use force_group=sambashare Changes in configure_user_shares(): - Creates sambashare group if it doesn't exist - Adds user to sambashare group - Sets filesystem permissions: chown -R :sambashare + chmod g+rw - Applies SetGID bit: chmod g+s - Removes force_user from share config - Sets force_group=sambashare Changes in disk share creation: - Creates sambashare group automatically - Adds detected user to sambashare - Sets proper filesystem permissions on mount - Uses force_group=sambashare instead of user's primary group - Removed force_user directive entirely Benefits: ✅ Multiple users can read/write files without permission errors ✅ Files preserve actual creator ownership (not forced) ✅ Proper Unix permissions maintained ✅ Works across reboots (group membership persists) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:02:31 +01:00
Interactively select which shares the user can access. This command:
- Adds the user to the `sambashare` group
- Sets proper filesystem permissions (group ownership + read/write)
- Removes single-user restrictions (`force user`) from shares
- Enables multi-user access with proper file ownership
Add comprehensive user management functionality Features added: - Create Samba users with password setup (user-create) - List all Samba users (user-list) - Delete Samba users with optional system user removal (user-delete) - Configure share access for users interactively (user-access) - Revoke user access from specific shares (user-revoke) - Automatically creates system users if needed - Interactive share selection for user permissions - Disables guest access when users are assigned User management includes: - Password prompts for new users - System user creation with no shell access - Integration with pdbedit for user management - Automatic valid_users configuration in smb.conf - Backup creation before any configuration changes Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:43:25 +01:00
**Revoke user access from a share**:
```bash
sudo ./spravuj_sdileni.sh user-revoke <username> <share-name>
```
**Delete a Samba user**:
```bash
sudo ./spravuj_sdileni.sh user-delete [username]
```
Optionally removes the system user as well.
Fix user permissions - implement group-based multi-user access Problem: Users could authenticate but got "permission denied" when creating files Root cause: Shares used force_user which prevented proper multi-user access Solution: Group-based permission system - Created `sambashare` group for all Samba users - Users are automatically added to this group on configuration - Share directories get proper group ownership (chown :sambashare) - SetGID bit ensures new files inherit group ownership - Removed force_user directive for multi-user shares - All shares now use force_group=sambashare Changes in configure_user_shares(): - Creates sambashare group if it doesn't exist - Adds user to sambashare group - Sets filesystem permissions: chown -R :sambashare + chmod g+rw - Applies SetGID bit: chmod g+s - Removes force_user from share config - Sets force_group=sambashare Changes in disk share creation: - Creates sambashare group automatically - Adds detected user to sambashare - Sets proper filesystem permissions on mount - Uses force_group=sambashare instead of user's primary group - Removed force_user directive entirely Benefits: ✅ Multiple users can read/write files without permission errors ✅ Files preserve actual creator ownership (not forced) ✅ Proper Unix permissions maintained ✅ Works across reboots (group membership persists) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:02:31 +01:00
### How Permissions Work
FSA uses a group-based permission system for secure multi-user access:
1. **sambashare Group**: All Samba users are added to this group
2. **Filesystem Permissions**: Share directories are owned by group `sambashare` with read/write access
3. **SetGID Bit**: Ensures new files inherit the correct group ownership
4. **No Force User**: Multi-user shares don't force a specific user, preserving actual file ownership
This means:
- ✅ Multiple users can read/write files
- ✅ Files show the actual creator's ownership
- ✅ Proper Unix permissions are maintained
- ✅ No permission denied errors
SECURITY: Remove dangerous root filesystem share Removed server-root share that exposed entire / filesystem via Samba. Why this is dangerous: - Exposes all system files (/etc/passwd, /etc/shadow, etc.) - Allows modification of system configuration - Could allow privilege escalation - Risk of accidental deletion of critical files - No legitimate use case for sharing entire root filesystem Changes: - Removed "server-root" from default SHARES array - Removed "root" share type from create_share() function - Removed server-root creation from create-all command - Updated README to remove Root Share documentation - Updated create-all description to reflect home directory only Added to README: - Section explaining how to fix existing users with permission issues - Clear warning: "Do NOT run init - that would delete your configuration" - Instructions to use user-access to fix permissions instead Users should only share specific directories they need, not the entire filesystem! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:05:45 +01:00
### Fixing Existing Users
If you created users before the permission system was fixed and they're getting "permission denied" errors:
```bash
sudo ./spravuj_sdileni.sh user-access <username>
```
Select the shares they should have access to. This will:
- Add them to the sambashare group
- Fix filesystem permissions
- Update share configuration
**Do NOT run `init`** - that would delete your entire configuration!
Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
## Share Types
The script creates different types of shares:
### Home Share
- Read/write access for all users
- Guest access enabled
- Shares your user's home directory
### Disk Shares
- Automatically configured for external disks
- Custom dfree scripts for accurate disk space reporting
- Proper permissions (664/775)
- Force user/group settings
## Configuration
All shares include:
- SMB2/SMB3 protocol support
- Network restrictions (local networks only)
- Optimized socket options
- Performance tuning (sendfile, AIO)
Default allowed networks:
- 127.0.0.1 (localhost)
- 192.168.0.0/16 (private network)
- 10.0.0.0/8 (private network)
- 172.16.0.0/12 (private network)
- 100.64.0.0/10 (CGNAT/Tailscale)
## Advanced Usage
### Add [global] section to existing config
```bash
sudo ./spravuj_sdileni.sh add-global
```
Major improvements to drive detection and create-all command Drive Detection Improvements: - Enhanced discover_mounts() with verbose mode showing detailed disk info - Better filtering to skip loopback devices and empty entries - Extended SHARES array format to include device name and UUID (5 fields) - Shows mount status, disk size, and free space for each partition create-all Command Overhaul: - Now a comprehensive 4-step setup process: 1. Creates static shares (home + root) 2. Detects all disk partitions on the system 3. Automatically mounts unmounted disks to /mnt/<label> 4. Adds disks to /etc/fstab for persistent mounting 5. Creates Samba shares for all mounted disks - Perfect for initial setup or bulk disk management Other Improvements: - discover command now shows verbose output with mount status - auto-disks shows count of created shares - Updated all functions to handle new 5-field SHARES format - Better error handling and user feedback throughout This makes FSA truly zero-touch for multi-disk setups! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:54:22 +01:00
### Create all shares automatically
Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
```bash
sudo ./spravuj_sdileni.sh create-all
```
Major improvements to drive detection and create-all command Drive Detection Improvements: - Enhanced discover_mounts() with verbose mode showing detailed disk info - Better filtering to skip loopback devices and empty entries - Extended SHARES array format to include device name and UUID (5 fields) - Shows mount status, disk size, and free space for each partition create-all Command Overhaul: - Now a comprehensive 4-step setup process: 1. Creates static shares (home + root) 2. Detects all disk partitions on the system 3. Automatically mounts unmounted disks to /mnt/<label> 4. Adds disks to /etc/fstab for persistent mounting 5. Creates Samba shares for all mounted disks - Perfect for initial setup or bulk disk management Other Improvements: - discover command now shows verbose output with mount status - auto-disks shows count of created shares - Updated all functions to handle new 5-field SHARES format - Better error handling and user feedback throughout This makes FSA truly zero-touch for multi-disk setups! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:54:22 +01:00
This comprehensive command will:
SECURITY: Remove dangerous root filesystem share Removed server-root share that exposed entire / filesystem via Samba. Why this is dangerous: - Exposes all system files (/etc/passwd, /etc/shadow, etc.) - Allows modification of system configuration - Could allow privilege escalation - Risk of accidental deletion of critical files - No legitimate use case for sharing entire root filesystem Changes: - Removed "server-root" from default SHARES array - Removed "root" share type from create_share() function - Removed server-root creation from create-all command - Updated README to remove Root Share documentation - Updated create-all description to reflect home directory only Added to README: - Section explaining how to fix existing users with permission issues - Clear warning: "Do NOT run init - that would delete your configuration" - Instructions to use user-access to fix permissions instead Users should only share specific directories they need, not the entire filesystem! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:05:45 +01:00
1. Create your home directory share
Major improvements to drive detection and create-all command Drive Detection Improvements: - Enhanced discover_mounts() with verbose mode showing detailed disk info - Better filtering to skip loopback devices and empty entries - Extended SHARES array format to include device name and UUID (5 fields) - Shows mount status, disk size, and free space for each partition create-all Command Overhaul: - Now a comprehensive 4-step setup process: 1. Creates static shares (home + root) 2. Detects all disk partitions on the system 3. Automatically mounts unmounted disks to /mnt/<label> 4. Adds disks to /etc/fstab for persistent mounting 5. Creates Samba shares for all mounted disks - Perfect for initial setup or bulk disk management Other Improvements: - discover command now shows verbose output with mount status - auto-disks shows count of created shares - Updated all functions to handle new 5-field SHARES format - Better error handling and user feedback throughout This makes FSA truly zero-touch for multi-disk setups! Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:54:22 +01:00
2. Detect all disk partitions on the system
3. Automatically mount any unmounted disks to `/mnt/<disk-label>`
4. Add unmounted disks to `/etc/fstab` for persistence across reboots
5. Create Samba shares for all mounted disks
Perfect for initial setup or adding multiple disks at once!
Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
## Troubleshooting
CRITICAL FIX: Add safety checks to prevent breaking system files ISSUE: Previous version could break sudo and system files The recursive chown/chmod commands in configure_user_shares() and create_share() could modify system directories like /usr, /etc, /home causing critical system breakage including sudo permissions. ROOT CAUSE: - No validation of paths before recursive operations - Could modify /, /usr, /home and other system directories - Broke /usr/bin/sudo permissions (needs uid 0 and setuid bit) SOLUTION: Added comprehensive path safety checks New function: is_safe_path_for_permissions() - Blacklists ALL dangerous system paths: /, /usr, /etc, /bin, /var, etc. - Only allows /mnt/* (external disk mounts) - Only allows /home/user/subdir (not /home or /home/user itself) - Returns error for any system directory Protection applied to: 1. create_share() - disk share creation (line 326) 2. configure_user_shares() - user access configuration (line 869) Behavior: - Safe paths (/mnt/*): Permissions applied normally - Unsafe paths: Prints warning, skips permission changes - Users must manually set permissions for system directories Emergency fix instructions added to README: - How to fix broken sudo (chown root:root /usr/bin/sudo && chmod 4755) - Multiple recovery methods (root shell, su, recovery mode) - Clear warning about older versions This prevents catastrophic system breakage while still allowing proper multi-user access for external disk shares. APOLOGIES TO USERS: If you were affected by the previous version, I'm deeply sorry for breaking your system. Please follow the recovery instructions in the README. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:09:53 +01:00
### CRITICAL: If sudo is broken after running user-access
**Symptoms**: `sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set`
**This happened if you ran an older version (before v1.3) that modified system directories.**
**Fix (choose one method):**
**Method 1 - If you're still root in a shell:**
```bash
chown root:root /usr/bin/sudo
chmod 4755 /usr/bin/sudo
```
**Method 2 - Switch to root user:**
```bash
su -
chown root:root /usr/bin/sudo
chmod 4755 /usr/bin/sudo
exit
```
**Method 3 - Recovery mode:**
1. Reboot and select recovery/single-user mode in GRUB
2. Mount filesystem: `mount -o remount,rw /`
3. Fix sudo: `chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo`
4. Reboot normally
**After fixing sudo, update to the latest version of FSA which has safety checks!**
Initial commit: Universal Samba share manager Features: - Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.) - Auto-installs Samba if not present - Auto-detects current user and network interfaces - Supports disk discovery and management - Optional persistent mounting via /etc/fstab - Safe configuration management with backups Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 20:32:47 +01:00
### Check service status
```bash
sudo systemctl status smbd nmbd
# or on some distros:
sudo systemctl status smb nmb
```
### View logs
```bash
sudo journalctl -u smbd -u nmbd -f
```
### Test configuration
```bash
sudo testparm
```
### Check which shares are visible
```bash
smbclient -L localhost -N
```
## Security Notes
- Always review the generated configuration
- Shares are restricted to local networks by default
- Root share requires authentication
- Guest access is only enabled for home shares by default
## License
Do whatever the fuck you want with it.
## Author
Created with frustration and love for Samba configuration.
Reference in a new issue Copy permalink